Scam is targeting Westpac customers with fake email and website

This Westpac scam is one of many currently making the rounds.Source:News Corp Australia

WESTPAC customers are warned to be taking extra care following the emergence of a troubling malicious email scam this week.

Discovered by Australian cybersecurity firm MailGuard on Wednesday, the scam is targeting Westpac customers with an email that has a subject line reading “your account is locked”.

The email advices customers’ that their account has been temporarily locked “as a result of technical issues detected” and can only be fixed by clicking on a link within the article.

Clicking the link will take victims to a replica of the Westpac banking website, where they are told to enter their customer ID and password.

Doing so will give the cybercriminals behind this campaign the ability to steal and record login information needed to access victims’ accounts.

The scam wants victims to click on the linkSource:Supplied

While this fraud does contain many indications it is a scam, the fact the forged email address ends in @westpac.com.au may trip up some recipients.

MailGuard chief executive Craig McDonald said these type of banking scams often increase around end-of-financial-year time.

“The criminals behind these fraud attempts are relying on people being busy; they want people to drop their guard for a moment and unwittingly hand over all the information necessary to hack a bank account. In this case, it’s simply a customer ID and password,” he told news.com.au.

“While this one is a very simple phishing email — and there are some telltale signs it is not legitimate — the fake Westpac banking site it leads to looks very realistic.”

The fake website looks very much like Westpac's banking pageSource:Supplied

Mr McDonald added this type of scam wasn’t isolated to Westpac.

“In the past few days we’re seen Suncorp internet banking customers targeted in a similar phishing attack, and a fake e-toll invoice disguised as an email from NSW Roads and Marine. These attempts are now a daily occurrence,” he said.

“I urge Australians not to be ‘happy clickers’. Be extra vigilant. If you receive an email — or an SMS — asking you to click and link and log in somewhere, take an extra moment to stop and consider what you’re handing over. It can take just seconds for a cybercriminal to drain a bank account.”

News.com.au has contacted Westpac for comment.

Have you been caught in a scam? Continue the conversation in the comments below or with Matthew Dunn on Facebook or Twitter.

Apple iOS security risk revealed3:42

A video explaining the possibility of hacker attacks on the new Apple iOS8 system using a Phishing scam and the gmail app.